
Ansible SSH Agent forwarding with Jump (bastion) host

Ansible SSH Agent forwarding with Jump (bastion) host

# ansible.cfg
# Keep SSH_AUTH_SOCK across sudo so a task run with become_user can still
# reach the forwarded agent socket (read/write access to the socket itself
# is granted separately with setfacl). -H sets HOME to the target user's,
# -S reads the password from stdin, -n never prompts interactively.
# NOTE(review): sudo_flags is the legacy option name; newer Ansible releases
# expect become_flags under [privilege_escalation] — confirm the version in use.
# Passing VAR=value through sudo is only accepted when the sudoers policy
# allows it (setenv / SETENV tag / env_keep) — confirm on the managed hosts.
[defaults]
sudo_flags = SSH_AUTH_SOCK="$SSH_AUTH_SOCK" -H -S -n

[ssh_connection]
# Forward the controller's ssh-agent to every managed host. Setting ssh_args
# replaces Ansible's default value (which carries the ControlMaster /
# ControlPersist multiplexing options), so those are configured in the ssh
# client config instead. A root user on any host the agent is forwarded to
# can use the agent's keys for as long as the session is open, so forward
# only to hosts you trust to that degree.
ssh_args=-o ForwardAgent=yes
# ~/.ssh/config — presumably; these three global options are not valid
# ansible.cfg INI lines, so the file boundary is assumed to sit here — confirm.
# Connection multiplexing: the first ssh to a host becomes the master and
# later sessions reuse its connection for up to 1m after the last one closes.
ControlMaster auto
# ssh_config(5) recommends that a ControlPath include %h, %p and %r (or %C)
# and live in a directory other users cannot write to. ~/.ssh/tmp has to be
# created beforehand; if it is missing, ssh presumably just gives up on
# multiplexing for that connection — confirm with ssh -v.
ControlPath ~/.ssh/tmp/control_%h_%p_%r
ControlPersist 1m

Host jump
    HostName <jump_ip>
    User nazarewk
    # Applies when logging into the bastion directly; the -W hop below
    # presumably opens no session on it, so the agent is not exposed there — confirm.
    ForwardAgent yes

Host secured-*
    User nazarewk
##   ProxyJump works on OpenSSH 7.3+ (newest version as of 16.09.2016)
#    ProxyJump jump
    # Tunnel through the bastion: -W relays this connection's stdio to %h:%p.
    ProxyCommand ssh jump -W %h:%p
    # Anyone with root on a secured-* host can use the forwarded agent
    # socket while the session is open.
    ForwardAgent yes
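# Grant project_user access to the agent socket that was forwarded to the
# connecting (remote_user) account, so tasks run with become_user can still
# sign with keys from the controller's ssh-agent.
# assumes the remote login shell sources ~/.profile before the tasks that
# need the agent run — TODO confirm for the shell in use on the managed hosts
- name: Ensuring we can ForwardAgent
  lineinfile:
    dest: "~/.profile"
    # Match an existing variant of this line (older revisions had an unquoted
    # dirname argument) so it is replaced rather than appended a second time.
    regexp: '^\[ -n "\$SSH_AUTH_SOCK" \] && setfacl -m u:{{ project_user }}:rw '
    # setfacl rather than chmod: the socket stays owner-only for everyone
    # except project_user; the directory needs x so the socket path can be
    # traversed. While this ACL is in place, anyone able to run as
    # project_user can sign with the forwarded agent's keys.
    # Inner $SSH_AUTH_SOCK is quoted so a socket path with spaces still works.
    line: '[ -n "$SSH_AUTH_SOCK" ] && setfacl -m u:{{ project_user }}:rw "$SSH_AUTH_SOCK" && setfacl -m u:{{ project_user }}:x "$(dirname "$SSH_AUTH_SOCK")"'
    insertafter: EOF

# Fail early if the agent is not reachable from project_user's session:
# ssh-add -l exits non-zero when it cannot contact the agent or the agent
# holds no identities. The check is read-only, so never report a change.
# assumes the sudo flags in ansible.cfg keep SSH_AUTH_SOCK across become — confirm
- name: Ensure we have ForwardAgent
  command: ssh-add -l
  become: true
  become_user: "{{ project_user }}"
  changed_when: false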